Also, I agree with OTW. Unless you have purposefully made your website vulnerable, it is very likely Nikto gave a false-positive. Get your "hands dirty" and manually check open ports, etc. with Telnet and Netcat. While Nikto is a wonderful vulnerability scanner, YOU must manually debunk any false-positives. Attempting an attack on a non-vulnerable website in the real world could very well lead to years in prison.